Blueprints in Amazon SageMaker Unified Studio - Amazon SageMaker Unified Studio

Amazon SageMaker Unified Studio is in preview release and is subject to change.

Blueprints in Amazon SageMaker Unified Studio

A blueprint with which the project profile is created defines what AWS tools and services members of the project to which the project profile belongs can use as they work with data in the Amazon SageMaker catalog.

Supported blueprints

In the current release of Amazon SageMaker Unified Studio, the following default blueprints are supported:

Blueprint name Description Resources created
AmazonBedrockGenerativeAI This is the combined Amazon Bedrock blueprint which contains seven sub-Amazon Bedrock blueprints. It enables users to build generative AI applications using tools such as Agents, Knowledge Bases, Guardrails, Flows, Functions, and Model Evaluation.
AmazonBedrockChatAgent Provides a reusable AWS CloudFormation template to create an Amazon Bedrock Agent and supporting resources, including an execution role and a consumption role. Bedrock Agent, Bedrock Agent Execution role, Bedrock Agent Consumption role
AmazonBedrockEvaluation Creates one IAM role as the service role for an Amazon Bedrock evaluation job. Bedrock Evaluation job execution role
AmazonBedrockFlow Provides a reusable AWS CloudFormation template to create an Amazon Bedrock Prompt Flow and supporting resources such as an execution role.

Amazon Bedrock Flow, Amazon Bedrock Flow Execution role

AmazonBedrockFunction Provides a reusable AWS CloudFormation template to create an AWS Lamda function and supporting resources, such as an execution role, and a secret manager. Secrets Manager secret, AWS Lambda function, AWS Lambda function execution role, Log group
AmazonBedrockGuardrail Provides an AWS CloudFormation template to create an Amazon Bedrock Guardrail and supporting resources such as an execution role. Amazon Bedrock Guardrail
AmazonBedrockKnowledgeBase Provides an AWS CloudFormation template to create a reusable Amazon Bedrock Knowledge Base and supporting resources such as an execution role. Amazon Bedrock Knowledge Base, OpenSearch Serverless collection, Amazon Bedrock Knowledge Base Execution role, AWS Lambdas, including OpenSearch Index Lambda and KB Ingestion Trigger Lambda, AWS Lambda Execution role, Amazon Bedrock Knowledge Base data source
AmazonBedrockPrompt Provides a reusable AWS CloudFormation template to create an Amazon Bedrock Prompt and supporting resources, such as an execution role, and a consumption role. Amazon Bedrock Prompt, Amazon Bedrock Prompt Consumption role
DataLake Provides a reusable AWS CloudFormation template to create a data lake environment with a AWS Glue database for data management and an Amazon Athena workgroup for querying data. AWS Glue databases, lake formation permissions, Amazon Athena workgroups
EMRonEC2 Provides a reusable AWS CloudFormation template to create an Amazon EMR on EC2 cluster to run and scale Apache Spark, Hive, and other big data workloads. For more information about enabling this blueprint see, Specify PEM certificate for EmrOnEc2 blueprint EMR on EC2 clusters
EMRServerless Provides a reusable AWS CloudFormation template to create an Amazon EMR Serverless application that is ready to serve Apache Spark batch jobs and interactive sessions. EMR on Serverless applications
LakehouseCatalog Provisions a new catalog in the Amazon SageMaker Lakehouse that is backed by Amazon Redshift Managed Storage
MLExperiments Provides OnDemand blueprint to enable MLflow tracking server for the experimentation inside a project. MLflow tracking server (on demand)
PartnerApps Creates an IAM role and a Connection that enables access to Partner AI Apps. Through Partner AI Apps you can leverage integrated and fully-managed thrid-party solutions for AI/Ml development. Amazon SageMaker Partner AI Apps IAM role, Amazon SageMaker Partner AI Apps Connection
RedshiftServerless Provides a reusable AWS CloudFormation template to create an Amazon Redshift Serverless environment to get insights from data without managing infrastructure. Amazon Redshift Serverless warehouses
Tooling Creates resources for the project, including IAM user roles, security groups, and Amazon SageMaker platform domains. IAM user roles, Amazon SageMaker platform domains, security groups
Workflows Provides an AWS CloudFormation template to create the MWAA environment for Airflow based Workflows Enables project workflows on MWAA

Enable or disable blueprints

You can complete the following procedure to enable or disable blueprints in the Amazon SageMaker management console:

  1. Navigate to the Amazon SageMaker management console at https://console.aws.amazon.com/datazone and use the region selector in the top navigation bar to choose the appropriate AWS Region.

  2. Choose View domains and choose the domain’s name from the list. The name is a hyperlink.

  3. On the domain's details page, navigate to the Blueprints tab.

  4. In the Blueprints tab, use the radio buttons to select the blueprints that you want to enable or disable and then choose the Enable or Disable buttons to perform the action.

Important

When you enable a blueprint, by default, you are enabling it in the same region as your domain. When you are enabling blueprints for a project profile that is created and enabled in a different region from your domain, you must enable these blueprints in same region where this project profile is enabled (in addition to enabling this blueprint in the same region as your domain). You can do this via the Regions tab in the blueprint details page. This applies to all blueprints, including the Tooling blueprint.

Specify PEM certificate for EmrOnEc2 blueprint

In order to successfully enable the EmrOnEc2 blueprint, you must specify the location of your PEM certificate. To do this, complete the following procedure:

  1. Navigate to the Amazon SageMaker management console at https://console.aws.amazon.com/datazone and use the region selector in the top navigation bar to choose the appropriate AWS Region.

  2. Choose View domains and choose the domain’s name from the list. The name is a hyperlink.

  3. Choose the Project profiles tab and then choose the project profile where the EmrOnEc2 blueprint is used.

  4. Choose the radio button for the EmrOnEc2 blueprint deployment setting and choose Edit.

  5. Under the Blueprint parameters section, edit the certificateLocation parameter. Enter the S3 location of the ZIP file that contains PEM certificate file(s). You must enter the S3 location URL using the correct format of s3://<DomainBucketName>/<AmazonDataZoneDomainID>/certificate_location/ Make sure to replace <DomainBucketName>/<AmazonDataZoneDomainID> with the correct values for those for your domain.

    For more information about PEM certificates, see Using PEM certificates.

Manage blueprint authorization

You can perform the following procedure to manage the authorization configuration of a blueprint.

  1. Navigate to the Amazon SageMaker management console at https://console.aws.amazon.com/datazone and use the region selector in the top navigation bar to choose the appropriate AWS Region.

  2. Choose View domains and choose the domain’s name from the list. The name is a hyperlink.

  3. On the domain's details page, navigate to the Blueprints tab.

  4. In the Blueprints tab, choose the blueprint the authorization configuration of which you'd like to change. The name of the blueprint is a hyperlink.

  5. On the bluprint's details page, navigate to the Authorization tab.

  6. In the Authorization tab, you can use the Add and Remove buttons to add or remove domain units. By adding a domain unit, you're allowing projects that belong to this domain unit to use this blueprint. By removing a domain unit, you're removing the ability to use this blueprint from projects that belong to this domain unit.

    You can use the Cascade to all child domain units toggle to apply the authorization setting that you're configuring to all the child domain units of the domain unit that you're adding or removing.

Manage Tooling blueprint parameters

The tooling blueprint creates resources for the project, including IAM user roles, security groups, and Amazon SageMaker platform domains.

You can perform the following procedure to manage the parameters of the Tooling blueprint.

  1. Navigate to the Amazon SageMaker management console at https://console.aws.amazon.com/datazone and use the region selector in the top navigation bar to choose the appropriate AWS Region.

  2. Choose View domains and choose the domain’s name from the list. The name is a hyperlink.

  3. On the domain's details page, navigate to the Project profiles tab.

  4. In the Project profiles tab, choose a project profile, for example, Data analytics and AI-ML model development. The name of the project profile is a hyperlink.

  5. On the project profile details page, choose Tooling configuration.

  6. In the Blueprint parameters section, review the parameter values that will be used during project creation.

    To modify a parameter value, first, on the Tooling configuration tab, choose Edit, then choose the parameter that you want to edit by checking its radio button, and then choose Edit.

    In the Edit blueprint parameter pop up window, modify the parameter value, and check the Editable box if you want the values to be provided during project creation.

    You can modify the following parameters:

    • minIdleTimeoutInMinutes - the minimum time (in minutes) that Amazon SageMaker waits after the application becomes idle before shutting the user's space down.

    • maxEbsVolumeSize - the maximum EBS storage volume size (in GB) for the user's private spaces.

    • idleTimeoutInMinutes - the time (in minutes) that Amazon SageMaker waits after the application becomes idle before shutting the user's space down.

    • enableNetworkIsolation - enable network isolation for training and deployed inference container.

    • lifecycleManagement - indicates whether idle shutdown is activated for this project's Amazon SageMaker platform domain.

    • sagemakerDomainNetworkType - The network type for this project's Amazon SageMaker platform domain.

    • maxIdleTimeoutInMinutes - the maximum time (in minutes) that Amazon SageMaker waits after the application becomes idle before shutting this project's Amazon SageMaker platform domain down.

    • allowConnectionToUserGovernedEmrClusters - allow connection creation to existing user governed EMR Clusters.

    • enableSpaces - enable creation of private compute spaces for development tools.